I would like to use node.js bcrypt to hash passwords before storing them in the database.
This link provides the documentation. https://github.com/kelektiv/node.bcrypt.js
Here is an example on hashing the password.
```javascript
var bcrypt = require('bcrypt');
const saltRounds = 10;
const myPlaintextPassword = 's0/\/\P4$$w0rD';
var salt = bcrypt.genSaltSync(saltRounds);
var hash = bcrypt.hashSync(myPlaintextPassword, salt);
// Store hash in your password DB.
```
Here is the code to check the password.
```javascript
// Load hash from your password DB.
bcrypt.compareSync(myPlaintextPassword, hash); // true
```
This is what I don't understand. In `bcrypt.compareSync`, why is there no parameter `salt`? Since the hash is generated from salt, why does comparing the plaintext password not involve the original salt used in hashing?
The salt is part of the string bcrypt stores in the database; see, for instance, the answer on "Do I need to store the salt with bcrypt?"
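To make the answer above concrete, here is an added example (not from the original post and not node.bcrypt.js code) that splits a bcrypt string into its fields and shows how a compare can recover the salt from the stored value. The names `SAMPLE_HASH`, `parseBcryptHash`, `decodeBcryptBase64` and `verifyWith` are hypothetical, and the sample string is an illustrative value in bcrypt's 60-character format.

```javascript
// Added example: names below are hypothetical, not part of node.bcrypt.js.
// Sample string in bcrypt's 60-character format, used only for illustration.
const SAMPLE_HASH = '$2a$12$R9h/cIPz0gi.URNNX3kh2OPST9/PgBkqquzi.Ss7KIUgO2t0jWMUW';

// bcrypt uses its own base64 alphabet (not the RFC 4648 one) and no padding.
const BCRYPT_ALPHABET =
  './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';

function decodeBcryptBase64(text, byteCount) {
  const out = [];
  let acc = 0;
  let bits = 0;
  for (const ch of text) {
    const v = BCRYPT_ALPHABET.indexOf(ch);
    if (v < 0) throw new Error('invalid bcrypt base64 character: ' + ch);
    acc = (acc << 6) | v;
    bits += 6;
    if (bits >= 8) {
      bits -= 8;
      out.push((acc >> bits) & 0xff);
      acc &= (1 << bits) - 1; // keep only the bits not yet emitted
    }
  }
  return out.slice(0, byteCount);
}

// Split "$<version>$<cost>$<22-char salt><31-char digest>" into its fields.
function parseBcryptHash(stored) {
  const m = /^\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$/.exec(stored);
  if (!m) throw new Error('not a bcrypt hash string');
  return {
    version: m[1],
    cost: Number(m[2]),
    saltPrefix: stored.slice(0, 29), // same shape as genSaltSync() output
    saltBytes: decodeBcryptBase64(m[3], 16), // the 128-bit salt itself
    digest: m[4],
  };
}

// Conceptual compare: re-hash the candidate with the salt taken from the
// stored string. hashFn has the (password, salt) shape of bcrypt.hashSync.
function verifyWith(hashFn, candidate, stored) {
  const { saltPrefix } = parseBcryptHash(stored);
  return hashFn(candidate, saltPrefix) === stored;
}

console.log(parseBcryptHash(SAMPLE_HASH));
```

In application code keep calling `bcrypt.compareSync`; `verifyWith` only illustrates where the salt comes from and its `===` check is not a constant-time comparison.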